Isn’t that the whole issue with this topic? I don’t understand your stupid question
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes
- Thread starter MacRumors
- Start date
- Sort by reaction score
Isn’t that the whole issue with this topic? I don’t understand your stupid question
For some reason all these companies and app makers refuse to give me access to their code and procedures, and won't even provide examples of what personal information is visible and who it is visible to within their company. Kind of makes individual responsibility difficult.
Because this wasn't made clear to the user and is not an expected practice. Yes, as a developer if you use my app the code knows how to handle events like touch etc, and if you type in sensitive data into a textfield somewhere it will send that data somewhere... but will it record that interaction, including you typing in the sensitive data? Hell no! Will I store that data somewhere where I can see it? Nope! When I use services like Google Analytics I ensure that we never capture identifying data (such as names, identification numbers etc) and this isn't the case here.
I don't know what other platforms have to do with it - it sounds like you're attempting to justify it by saying "other platforms have it too", which is a tenuous argument.
It does seem to be written in a bizarrely paranoid way which has everyone going crazy in here.
Most websites employ this technology too - it's just a way for UX designers to see how people interact in their app, where the "hot spots" are, if people get stuck, if people continually struggle to find things. It's hardly evil to it's core.
I think the big issue is the fact that there isn't any internal requirements at those companies about who can view what. After the purchase has been entered there is no reason for anyone else in that company to be able to see the credit card number, for example, or at least very few people should have access. The implication was that the information was easily accessible to a lot of people at that company whether it was information that they needed to do their job or not.
Apple's policies are only "strict" about not competing with Apple. Anything else goes.
That’s not the issue. Apple has a right to brag. There are 1000s of legitimate apis and legitimate ways of collecting data. The app developer has to be upfront.
It’s literally no different than a trusted friend spilling your secret, but you ignored that allegory because it doesn’t fit your narrative.
[doublepost=1549539503][/doublepost]
Lol, it’s been like this with apps for years on all platforms. You might have missed it though and mistakenly think the genie just got out of the bottle.
I trust apple implicitly with my data. App developers not so much. Rogue developers misusing data collected legitimately is an issue on every platform. Ask Facebook. Maybe apple should ban them.
*Every* app does that, one way or another. They want to understand how you use the app. For instance, imagine a shopping app. They wanna know how you interact with products to have data to see if they can improve the page. If you don't interact, let's say, with the product composition part of the page, they wanna know so that they can make it more visible or easier to interact. There's nothing wrong about that, everyone does that.
The thing is, and I didn't clearly understand, is if this framework allows to capture visually the content of the screen, like when you fill in credit card information, for instance. That would be bad, specially if they store it somewhere unsafely.
The thing is, and I didn't clearly understand, is if this framework allows to capture visually the content of the screen, like when you fill in credit card information, for instance. That would be bad, specially if they store it somewhere unsafely.
Again a "What if?" scenario. Where is this "cheapest bidder" that relates to the companies in the article happening?
[doublepost=1549539864][/doublepost]
You're actually right; but come on, we can't damn everyone going forward because some bad guys did bad stuff in the past.
If you don't understand the question, how do you know it is stupid?
No, but I certainly did not agree to this when there is a high chance of my personal information getting leaked. I was reading hotels.com privacy policy and it is so vague and indirect that you can do pretty much anything behind it. Not cool.
A company emphasising privacy, and there being an unintended software bug, in no way contradict each other.
OK. I agree it's not cool but let's cut to the chase the article is about "Some popular iPhone apps....". These companies wanted to develop an iPhone app; they looked at Apple's guild-lines. They developed an an app that is within Apple's guide-lines. They awaited Apple's approval being willing to make changes if they fell short of Apple's guild-lines. Apple approves the app to be distributed by Apple's app store. Users download said app from Apple's app store and use it.
People don't like the T&C and all of a sudden it's the company that owns the apps fault (despite jumping through hoops to get it approved) WTF??!
This sounds incredibly dubious. As an iOS dev myself, there is no way for me to continually record a customers screen, UIKit wouldn't allow an open ended session like this nor would it 'capture' without notification.
What's more likely happening is that the app records it's inputs and somewhere (call centre perhaps) is capable of simulating this playback. If you're using Apples native keyboard, they cannot see your key presses when the keyboard is visible as this would be a protected and completely different process than the app recording inputs.
I'm not surprised that this news article has no video evidence of this alleged screen capture happening because it's simply not possible with the current 3rd party development toolset.
[doublepost=1549543728][/doublepost]
What's more likely happening is that the app records it's inputs and somewhere (call centre perhaps) is capable of simulating this playback. If you're using Apples native keyboard, they cannot see your key presses when the keyboard is visible as this would be a protected and completely different process than the app recording inputs.
I'm not surprised that this news article has no video evidence of this alleged screen capture happening because it's simply not possible with the current 3rd party development toolset.
[doublepost=1549543336][/doublepost]
Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.
Apps that include Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use "session replay" screen recording technology within their apps.
Session replays let developers screenshot or record or a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.
Some apps, such as Air Canada, don't properly mask data that's recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.
TechCrunch had mobile app expert The App Analyst look at some of the apps that Glassbox lists as a customer. Not all apps leaked masked data, and most appeared to be obfuscated, but there were instances where email addresses and postal codes were visible.
"Since this data is often sent back to Glassbox servers I wouldn't be shocked if they have already had instances of them capturing sensitive banking information and passwords," The App Analyst told TechCrunch.
As TechCrunch points out, all of the apps have a privacy policy, but not one makes it clear that they're recording a user's screen. Glassbox does not require special permission from either Apple or the user to record the screen, and without checking specific app data, there is no way to know if an app is doing this.
Glassbox also does not require its customers to mention the usage of the screen recording feature in their privacy policies.There are other analytics companies that have practices similar to Glassbox, like Appsee and UXCam, and there are a lot of major companies that are using this kind of technology, based on their customer lists. This kind of tracking is also not limited to iOS apps -- it can be done on the web as well.
With no way to detect that this is going on, all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes without clear privacy policies.
Article Link: Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes
If only you lived closer to me, I'd love to demonstrate showing you how much more secure browsing on your iOS device really is; you'd be blown away. iOS has a bounty program though where Apple pay fat stacks of cash to those that properly disclose and document vulnerabilities. Mac OS on the other hand? No such thing. One might ask themselves why this is and perhaps also why Apple has Mac computers right in its iOS sights. As for Windows well, they're better than they used to be lets go that far. My advice, stick with iOS. It has the biggest amount of cash behind it and is arguably the best OS on the planet.
[doublepost=1549543728][/doublepost]
I'm fairly certain Apple are doing what you expect them to do. Remember, every process that is built by a 3rd party for iOS must conform to the constraints of the 3rd party developer framework. We simply cannot write code outside of that. If the API does not support 'continuous screen recording without customers explicit consent' it just cannot happen and I assure you (until I see evidence which non of us have yet) it cannot happen unless some exploit has been found which in itself is worth a lot more money from Apple Security than it is from a news agency for the story.
For me this is a deal breaker and I will be sure not to use any of apps that do this. I will be more careful in the future.
The problem is that all those paragraphs written in small fine print are composed by a phalanx of lawyers who specialize in legalese one must pursue a law degree to figure out, assuming you can read the tiny print in the first place. What they should do is post something like "YOUR KEYSTROKES, SCREEN GESTURES, LOCATION, MESSAGING, AND PHONE CALLS WILL ALL BE MONITORED, RECORDED, AND SENT TO THE DEVELOPER IF YOU USE THIS APPLICATION!". Post that in a huge bold font. Then, if you use the app, it's on you. Otherwise, this is purely deceitful, and I can't imagine Apple doesn't know it's happening, despite all their boasts about privacy.
[doublepost=1549544577][/doublepost]
Because whatever
Yes, they tend to backtrack and correct things when they get caught - sort of like the battery issue with iPhones.
[doublepost=1549544924][/doublepost]
Yes, they are just "chancing" it. The NSA was exposed for doing illegal and likely unconstitutional snooping of US citizens on a regular basis and probably still does it. They "chanced" it, and so far mostly nothing has been done to stop them. Laws and regulations mean nothing if they aren't enforced.
Last edited:
How users didn't see this coming I don't know. Don't install apps folks or your phone is 0wned by the developers.
There is no narrative here, and your allegory is irrelevant.
I’m just calling out Apple’s privacy narrative.
As an app developer, the apis give me free reign to practically do whatever I want within its boundaries whether you consider something ethical or not. If Apple has the “right” to brag about privacy yet allows apis to capture information that they regard as sensitive, it’s a bit of an oxymoron isn’t it?
Emphasizing is an understatement because every company emphasizes privacy collection at different levels. Have you conveniently forgotten the Apple banner in Vegas?
Even though software bugs happen and for a company that is very adamant about its privacy practice, this simple bug exposes the differences between words vs actions. That’s where the contradiction happens.
So maybe he need to learn how to shut mouth, if he wants to talk then there's some other way. He acts like Apple will do no harm and everybody else is doing bad, which is obviously a marketing ploy.